
Log in automatically with Grails Spring Security

My Grails app is using the Spring Security plugin. I need to log in a user programmatically, and I don't have access to their password. I tried the following, which supposedly worked when using the Acegi plugin (an ancestor of the Spring Security plugin):

// Automatically log in a user and assign them the USER role.
// In my app, the email address is also the username.
GrantedAuthority[] auths = [new GrantedAuthorityImpl('USER')]
// The '=' stays on the first line: Groovy does not continue a statement onto a line that starts with '='.
SecurityContextHolder.context.authentication =
        new UsernamePasswordAuthenticationToken(email, 'unknown', auths)

It seems like this has almost worked, because if I call springSecurityService.principal after executing the above, I get back the email address of the automatically logged in user. However, if I call springSecurityService.currentUser I get an error. The root cause of this error is that:

SpringSecurityUtils.securityConfig.userLookup.userDomainClassName

returns "Person" which is not the name of my user class. The various tags such as <sec:loggedInUser> also don't work, presumably for the same reason.

I wonder if this problem is somehow related to the fact that I'm using pre-existing domain classes for user and role (rather than classes generated by the plugin)? If the user logs in by entering their username and password into the form (rather than programmatically), everything seems to work fine.

Update

Following Burt's advice, I replaced the code above with:

springSecurityService.reauthenticate(email)

But I still get an error on these lines within SpringSecurityService.getCurrentUser():

String className = SpringSecurityUtils.securityConfig.userLookup.userDomainClassName
grailsApplication.getClassForName(className).get(principal.id)

Because className is set to "Person", rather than the name of my User class.

Dónal asked Aug 18 '11 21:08


1 Answer

If the user exists in the database use springSecurityService.reauthenticate() - see this link for Grails 2 or this link for Grails 3.

This method is designed to update the authentication when a user change has made it out of sync with the database, but it's also useful for this scenario where you want to force a valid authentication for an existing user but don't know the password.

Burt Beckwith answered Nov 06 '22 20:11
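
One way to wrap the reauthenticate() call from the answer, as an added example that is not part of the original post or the plugin's own code. PasswordlessLoginService and loginWithoutPassword are hypothetical names, and the example assumes the caller has already verified the user's identity by some other means (for example a single-use emailed token) and that the plugin's userDetailsService bean is available for injection.

```groovy
// Added example (not from the original thread). Grails service that uses the
// Spring Security Core plugin; class and method names are hypothetical.
import org.springframework.security.core.userdetails.UserDetails
import org.springframework.security.core.userdetails.UserDetailsService
import org.springframework.security.core.userdetails.UsernameNotFoundException

class PasswordlessLoginService {

    def springSecurityService               // injected by Grails
    UserDetailsService userDetailsService   // plugin bean, injected by name

    /**
     * Installs an Authentication for an existing user without their password.
     * Returns true on success, false if the user is unknown or the account
     * is disabled, locked or expired.
     *
     * Assumption: the caller has already proven the user's identity out of
     * band. This method performs no credential check of its own.
     */
    boolean loginWithoutPassword(String username) {
        UserDetails details
        try {
            details = userDetailsService.loadUserByUsername(username)
        } catch (UsernameNotFoundException e) {
            log.warn "Passwordless login refused: unknown user"
            return false
        }

        // reauthenticate() builds the Authentication straight from the loaded
        // UserDetails, so the account-status checks that a form login goes
        // through are made explicitly here before it is called.
        if (!details.enabled || !details.accountNonLocked || !details.accountNonExpired) {
            log.warn "Passwordless login refused: account not active (${username})"
            return false
        }

        springSecurityService.reauthenticate(username)
        log.info "Passwordless login performed for ${username}"
        return true
    }
}
```

Logging each forced login gives an audit trail for a code path that bypasses the password check.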